package org.zowe.apiml.gateway.security.login.x509;

import java.security.cert.X509Certificate;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;
import org.zowe.apiml.gateway.security.service.TokenCreationService;
import org.zowe.apiml.security.common.error.AuthenticationTokenException;
import org.zowe.apiml.security.common.token.TokenAuthentication;
import org.zowe.apiml.security.common.token.X509AuthenticationToken;

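@Component
/* loaded from: input_file:BOOT-INF/classes/org/zowe/apiml/gateway/security/login/x509/X509AuthenticationProvider.class */
/**
 * Spring Security {@link AuthenticationProvider} that turns a client X.509 certificate into a
 * JWT-backed {@link TokenAuthentication}.
 *
 * <p>The provider maps the presented certificate to a user id through
 * {@link X509AuthenticationMapper} and, when a mapping exists, issues a token with
 * {@link TokenCreationService#createJwtTokenWithoutCredentials}. No password or other secret is
 * checked here: the certificate mapping is the only factor.
 *
 * <p>NOTE(review): this class performs no chain, expiry or revocation validation of its own. It
 * presumably relies on the TLS layer and the upstream filter having already validated the client
 * certificate and proven possession of its private key; confirm against the filter that builds
 * the {@link X509AuthenticationToken}.
 */
public class X509AuthenticationProvider implements AuthenticationProvider {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(X509AuthenticationProvider.class);

    // Feature switch; defaults to false, so certificate login stays off unless explicitly enabled.
    @Value("${apiml.security.x509.enabled:false}")
    boolean isClientCertEnabled;
    private final X509AuthenticationMapper x509AuthenticationMapper;
    private final TokenCreationService tokenCreationService;

    /**
     * Authenticates a request that carries a client certificate.
     *
     * @param authentication the authentication request; must be an {@link X509AuthenticationToken}
     * @return an authenticated {@link TokenAuthentication} holding a freshly created JWT, or
     *     {@code null} when X.509 login is disabled, no certificate is present, or the certificate
     *     does not map to a user id
     * @throws AuthenticationTokenException if {@code authentication} is {@code null} or is not an
     *     {@link X509AuthenticationToken}
     */
    @Override
    public Authentication authenticate(Authentication authentication) {
        log.debug("Authenticating X509 Certificate");
        if (!(authentication instanceof X509AuthenticationToken)) {
            // instanceof is false for null, so guard the getClass() call: a null request must be
            // rejected with the same exception type instead of a NullPointerException.
            Object tokenType = authentication == null ? null : authentication.getClass();
            throw new AuthenticationTokenException("Wrong authentication token. " + tokenType);
        }
        if (!this.isClientCertEnabled) {
            log.debug("X509 authentication is not enabled. Certificate will not be authenticated.");
            return null;
        }
        String userid = getUserid(authentication);
        if (userid == null) {
            // Covers both "no usable certificate in the token" and "no user mapped to it".
            log.debug("Mapping user to certificate was not successful.");
            return null;
        }
        log.debug("Successfully mapped user to certificate: {}", userid);
        TokenAuthentication tokenAuthentication = new TokenAuthentication(userid, this.tokenCreationService.createJwtTokenWithoutCredentials(userid));
        tokenAuthentication.setAuthenticated(true);
        log.debug("Successfully authenticated user {} by X509 certificate.", userid);
        return tokenAuthentication;
    }

    /**
     * Reports whether this provider handles the given authentication type.
     *
     * @param cls the authentication class offered by the authentication manager
     * @return {@code true} for {@link X509AuthenticationToken} and its subclasses
     */
    @Override
    public boolean supports(Class<?> cls) {
        return X509AuthenticationToken.class.isAssignableFrom(cls);
    }

    /**
     * Resolves the user id mapped to the certificate carried by the token.
     *
     * <p>Only the first element of the credentials array is consulted. NOTE(review): this is
     * presumably the client (leaf) certificate; confirm against the code that fills the token.
     *
     * @param authentication the token whose credentials should hold an {@code X509Certificate[]}
     * @return the mapped user id, or {@code null} when the credentials hold no certificate or the
     *     mapper finds no user
     */
    private String getUserid(Authentication authentication) {
        Object credentials = authentication.getCredentials();
        // Fail closed on a token without a certificate: a missing, mistyped or empty credential
        // array means "not authenticated", not an unchecked exception in the login path.
        if (!(credentials instanceof X509Certificate[])) {
            log.debug("No X509 certificate found in the authentication token.");
            return null;
        }
        X509Certificate[] certificates = (X509Certificate[]) credentials;
        if (certificates.length == 0 || certificates[0] == null) {
            log.debug("No X509 certificate found in the authentication token.");
            return null;
        }
        log.debug("Getting user id for certificate: {}", certificates[0]);
        return this.x509AuthenticationMapper.mapCertificateToMainframeUserId(certificates[0]);
    }

    /**
     * Creates the provider with its collaborators.
     *
     * @param x509AuthenticationMapper maps a client certificate to a mainframe user id
     * @param tokenCreationService issues the JWT for a successfully mapped user
     */
    @Generated
    public X509AuthenticationProvider(X509AuthenticationMapper x509AuthenticationMapper, TokenCreationService tokenCreationService) {
        this.x509AuthenticationMapper = x509AuthenticationMapper;
        this.tokenCreationService = tokenCreationService;
    }
}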
